Patent

Message identification with confidentiality, integrity, and source authentication

TL;DR: This patent proposes a method for transmitting and receiving a secure message in which the first secret values (400) are known only to the originating device and the one or more intended recipient devices of the message.
Abstract: A method for transmitting and receiving a secure message. Transmission is by generating, using a device identifier (408), an application identifier (406) and an application value (412), of a message value (502), combining the message value (502) with one or more first secret values (400), said secret values (400) being known substantially only to the originating device and one or more intended recipient devices of the message, to establish a secret message value (506), applying the secret message value (506) and the message to an encoding process (602) to form a secure message block (604), and combining an address (616, 618) with a device identifier (408), the application identifier (406), the application value (412) and the secure message block (604), to form a secure message (606) for transmission which is decodable by the one or more of said intended recipient devices which thereby recover the message, the address, the device identifier, the application identifier and the application value.
Citations
Patent
25 Feb 2003
TL;DR: In this paper, an identity-based communications layer is proposed for secure, end-to-end telemetry and control communications by enabling mutual authentication and encryption between the devices and the enterprise.
Abstract: A computer architecture for enterprise device applications provides a real-time, bi-directional communication layer for device communication. An identity-based communications layer provides for secure, end-to-end telemetry and control communications by enabling mutual authentication and encryption between the devices and the enterprise. A unique identity is assigned to each device, user and application to provide security services. A communications session is established between two devices using an authentication service that authenticates the device that is initiating the establishment of the communications session with another device. After authenticating the initiating device, the authentication service provides to the initiating device the network address of the other device and an authentication credential for use in the communications session between the initiating device and the other device.

177 citations

Patent
31 Mar 2008
TL;DR: In this paper, the authors describe a system and method for managing multi-media advertising campaigns across multiple online and offline media sources, where a durable network identifier is associated with a client device that is used to access an advertising network and the durable identifier comprises an alphanumeric tag associated with network traffic transmitted through routing devices of the network.
Abstract: Embodiments of a system and method for managing multi-media advertising campaigns across multiple online and offline media sources are described. A durable network identifier is associated with a client device that is used to access an advertising network. The durable identifier comprises an alphanumeric tag associated with network traffic transmitted through routing devices of the network. The durable identifier indexes relevant user demographic and client device information for facilitating the delivery of directed media within the advertising network and is embedded within requests sent from the client computer to a target server computer over a network. A campaign management platform processes certain user metrics provided by the tag processing service and supplements this information with certain extrinsic data. Analysis processes determine behavioral or contextual targeting, as well as user response to ad messages.

92 citations

Patent
15 Feb 2006
TL;DR: In this article, an identity-based communications layer is proposed for secure, end-to-end telemetry and control communications by enabling mutual authentication and encryption between the devices and the enterprise.
Abstract: A computer architecture for enterprise device applications that provides a real-time, bi-directional communication layer for device communication. An identity-based communications layer provides for secure, end-to-end telemetry and control communications by enabling mutual authentication and encryption between the devices and the enterprise. A unique identity is assigned to each device, user and application to provide security services. The unique identity is independent of a network-address. Security information and a network address may be associated with the unique identity.

62 citations

Patent
25 Mar 2010
TL;DR: In this article, the authors proposed a method for securing communication between a plurality of members, which includes a first member sending a first input to a second member, receiving a second input from the second member and generating, by an n-bit generator, an initial message digest using the first input and the second input.
Abstract: A method for securing communication between a plurality of members. The method includes a first member sending a first input to a second member, receiving a second input from the second member, and generating, by an n-bit generator, an initial message digest using the first input and the second input. Communications between the first member and the second member are encrypted using the initial message digest.

59 citations

Patent
23 Jun 2005
TL;DR: In this article, application messages are encoded and then encapsulated in transfer messages, enqueue messages, and dequeue responses such that composable protocol elements used in application messages can be reused in the transfer messages.
Abstract: The present invention extends to methods, systems, and computer program products for reliably and securely transferring queued application messages. Application messages are encoded (e.g., as binary or text) and then encapsulated in transfer messages, enqueue messages, and dequeue responses such that composable protocol elements used in application messages can be reused in the transfer messages, enqueue messages, and dequeue responses. Transfer message headers are encoded and then encapsulated along with encoded application messages such that composable protocol elements used in transfer headers and application messages can be reused in the store and forward messages. Application messages, transfer messages, enqueue messages, dequeue responses, and store and forward messages can all be configured in accordance with the same messaging protocol, such as, for example, Simple Object Access Protocol. Since encapsulated elements are encoded, the encapsulated elements do not interfere with configuration of wrapping messages.

57 citations

References
Patent
23 Jun 1982
TL;DR: This patent describes an efficient end-to-end encryption system, including key management procedures, for providing secure financial data communication between a system user at one of a plurality of transaction terminals of one of a plurality of acquirer institutions and one of a plurality of issuer institutions, with selected elements of the data being encrypted, decrypted and processed using a one-time session key which is itself encrypted with master keys and efficiently sent along with the specific segments of the request and response messages.
Abstract: An efficient end-to-end encryption system including key management procedures for providing secure, financial data communication between a system user at one of a plurality of transaction terminals of one of a plurality of acquirer institutions and one of a plurality of issuer institutions, with selected elements of the data being encrypted, decrypted, and processed using a onetime session key which is similarly encrypted with master keys and efficiently sent along with the specific segments of the request and response messages. A session key authentication code is utilized to prevent the replay of a previously used session key, thereby precluding undetected message replay or undetected message or data element substitution or insertion.

483 citations

Patent
25 Jul 1996
TL;DR: This patent describes a tokenless identification system and method for authorizing transactions and transmissions, based on a correlative comparison of a unique biometric sample, such as a fingerprint or voice recording, gathered directly from the person of an unknown user, with an authenticated biometric sample of the same type obtained and stored previously.
Abstract: A tokenless identification system and method for authorization of transactions and transmissions is described. The tokenless system and method are principally based on a correlative comparison of a unique biometric sample, such as a fingerprint or voice recording, gathered directly from the person of an unknown user, with an authenticated biometric sample of the same type obtained and stored previously. The method and apparatus can be networked to act as a full or partial intermediary between other independent computer systems, or may be the sole computer system carrying out all necessary executions. The method and apparatus further contemplate the use of a private code that is returned to the user after the identification has been completed, authenticating and indicating to the user that the computer system was accessed. The identification system and method of the invention additionally include an emergency notification process to permit an authorized user to alert authorities that an access attempt is coerced.

364 citations

Patent
12 Apr 1996
TL;DR: In this article, a process controller implements and executes a standard set of function blocks or control functions defined by a standard protocol so that standard-type control is achieved with respect to non-standard-type devices.
Abstract: A process controller implements and executes a standard set of function blocks or control functions defined by a standard protocol so that standard-type control is achieved with respect to non-standard-type devices. The process controller enables standard devices to implement the standard set of function blocks and control functions. The process controller implements an overall strategy as if all connected devices are standard devices by usage of a Fieldbus function block as a fundamental building block for control structures. These function blocks are defined to create control structures for all types of devices.

296 citations

Patent
04 Dec 1997
TL;DR: In this paper, a portable electronic authorization device for approving a transaction request originated from an electronic transaction system is presented, which includes first logic circuit configured to receive first digital data representative of the transaction request.
Abstract: A portable electronic authorization device for approving a transaction request originated from an electronic transaction system. The portable electronic authorization device (200) includes first logic circuit configured to receive first digital data representative of the transaction request. There is further included second logic circuit configured to form second digital data responsive to the transaction request received by the first logic circuit if the transaction request is approved by a user of the portable electronic transaction device. The second digital data represents encrypted data signifying an approval by the user of the transaction request. Additionally, the portable electronic authorization device includes transmission circuitry coupled to the second logic circuit. The transmission circuitry is configured to transmit the second digital data from the portable electronic authorization apparatus to the electronic transaction system (202) if the user approves the transaction request.

270 citations

Patent
30 Sep 1996
TL;DR: This patent proposes a method for digitally signing a message by a tamper-resistant device to generate a digital signature. The method includes the steps of hashing the message to form message bits, and encrypting with a private key the message bits, redundancy bits for the security of the signature, and auditing bits to form the digital signature for the message.
Abstract: A method for digitally signing a message by a tamper-resistant device to generate a digital signature. The method includes the steps of hashing the message to form message bits; and encrypting with a private key the message bits, redundancy bits for the security of the signature, and auditing bits to form the digital signature for the message. The auditing bits provide an audit trail for the message. The auditing bits include one or more of the following categories: signature-packet version bits to identify the version of the device generating the signature; device ID bits to identify the token generating the digital signature; key ID bits to identify the private key; a packet-sequence number, which increments every time the device generates a signature, to indicate the sequence of signatures generated; bits generated by hashing the prior signature to provide an audit trail of signatures generated; and a time-stamp to indicate the time when the signature is generated. The auditing bits may further include a random number.

221 citations